Re: OpenWrt vs Defense positions
On 5/7/23 13:19, Hauke Mehrtens wrote:

> I check from time to time which companies in the US are looking for OpenWrt experts [0] to get an overview who is using it. About 10% to 30% of these job offers require clearance. It looks like the US military and US intelligence community is using OpenWrt. Once I saw a job offer where someone was looking for a person who has experience in writing exploits for OpenWrt and DD-WRT in the Washington, D.C. area, this scared me a bit, normally I do not have the NSA in my threat model. Someone from BAE Systems (largest defence contractor in Europe) was also contacting us at OpenWrt some years ago with questions about the license. I hope that these companies use OpenWrt mostly to provide Internet access for their soldiers and it is not part of any real weapon system. As OpenWrt is now used by many vendors I think the intelligence agencies around the world are interested in exploits for OpenWrt.

I'm now getting at least two queries a week from recruiters regarding (non-OpenWrt) but embedded Linux positions building weapons systems. My usual reply is that "firing missiles at people doesn't improve the world". That's hippy idealism of course, but it's still my stance. (My current involvement in OpenWrt is providing cell/internet access to first responders; my knowledge of military internet or whatever is zero apart from the obvious history).

> I heard a rumor some years ago that one of the biggest OpenWrt installation was at the fence between the US and Mexico, but I have no proof that this is true.

Yes, and regarding security as we usually mean in the software stance, and whether the rumor is true or not, OpenWrt is widely deployed. It doesn't take very much paranoia at all to think that there are government departments in various countries keeping track of issues with embedded Linux in general and OpenWrt in particular.

It also doesn't take much of a stretch to imagine they have at least some info on major OpenWrt contributors such as yourself or people who have long expressed interest in embedded Linux security, although certainly in my case, it would be short and boring.

___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: OpenWrt vs Defense positions
On 5/1/23 21:28, Peter Naulls wrote:

> For those of you who track the small but very real OpenWrt job market, you may have seen there's a creep into Defense/Clearance jobs. Here's but one example:
>
> https://careers-bluehalo.icims.com/jobs/3844/job
>
> As a self-declared pacifist (and anyway, dual citizen which would limit my ability to get clearance), this is most certainly not for me, but I thought it should be something you guys might want to be aware of.

I check from time to time which companies in the US are looking for OpenWrt experts [0] to get an overview who is using it. About 10% to 30% of these job offers require clearance. It looks like the US military and US intelligence community is using OpenWrt. Once I saw a job offer where someone was looking for a person who has experience in writing exploits for OpenWrt and DD-WRT in the Washington, D.C. area, this scared me a bit, normally I do not have the NSA in my threat model. Someone from BAE Systems (largest defence contractor in Europe) was also contacting us at OpenWrt some years ago with questions about the license.

I hope that these companies use OpenWrt mostly to provide Internet access for their soldiers and it is not part of any real weapon system. As OpenWrt is now used by many vendors I think the intelligence agencies around the world are interested in exploits for OpenWrt.

I heard a rumor some years ago that one of the biggest OpenWrt installation was at the fence between the US and Mexico, but I have no proof that this is true.

The GPL and the other licenses used by OpenWrt do not prevent the usage by any military or intelligence agency.

OpenWrt does not do a background check on external contributors. We have contributions from people from many countries the US does not like.

Hauke

[0]: https://www.indeed.com/jobs?q=openwrt=
Re: OpenWrt vs Defense positions
On Tue, May 2, 2023 at 6:24 AM Peter Naulls wrote:

> > Another impression I have, is that the OpenWrt project is very important for many yet under-resourced.
> > There are some important tasks that would help with the long-term maintenance (e.g. merging of the mtk_nand for
>
> > Does anyone know how much contributions come from people working for companies in OpenWrt?
>
> Who knows. I will say that OpenWrt has formed a large part of my career. As measured by patches (which frankly, is something of a time-consuming hurdle), my contributions are very very small, but all my OpenWrt work has been under companies.

Embedded Linux was, until recently, my "career" since 1997 or so, when I started working with the handhelds.org project, and later worked at MontaVista. Very little of what I have done since 2003 was under corporate aegis. CeroWrt, and the five years spent reworking the Linux wifi stack in make-wifi-fast came out of my savings, mostly, with a bit of support from comcast, nlnet, and gfiber. When I failed to get a round of external funding to keep the project alive, after we heaved the most core fq_codel bits over the wall, I gave up. There are still bugs left over in that, hanging over my head, no-one else has been able to solve. The wifi industry as a whole took a major wrong turn that perhaps wifi7 will get it out of, but I don't know.

There are so many other problems in embedded linux today, not least of which is the failure to keep up with mainline linux. Complexity collapse seems nigh!, and the skills required to cross compile stuff seem to be fading.

Of particular irony for me persists in the initial joy I had felt upon learning Starlink was using openwrt, only to find that even their most recent product is leveraging... wait for it... LEDE, and so locked down as to be impossible to upgrade.

Going back to the original subject of this thread, I would hope that more cash spent on testing and securing openwrt would come from *somewhere*.

--
Podcast: https://www.linkedin.com/feed/update/urn:li:activity:7058793910227111937/
Dave Täht CSO, LibreQos
Re: OpenWrt vs Defense positions
On Tue, May 02, 2023 at 09:34:01AM -0400, Peter Naulls wrote:
> On 5/2/23 09:31, Enrico Mioso wrote:
> > On Tue, May 02, 2023 at 09:24:52AM -0400, Peter Naulls wrote:
> > > On 5/2/23 07:26, Enrico Mioso wrote:
> > > >
> > > > Another impression I have, is that the OpenWrt project is very important for many yet under-resourced.
> > > > There are some important tasks that would help with the long-term maintenance (e.g. merging of the mtk_nand for mt7621 and the upstream one, if at all possible), which require time and highly motivated person to carry on.
> > >
> > > I was that person, but at this point, the upstream m7621 NAND driver works correctly, *except* when the MMC is also enabled. The mtk_nand driver is very old and I did get it to run correctly for reads under current kernel, but it didn't seem to have any further value here, and many obvious faults - see my discussion on this a few months back. If there's specific work you know of here, I'd be very interested.
> >
> > Thanks for your reply.
> >
> > No, I don't know whether work is ongoing on that at the moment, sorry.
>
> Yes, but there must have been some issue that caused this comment - is there some backstory here?

Oh no, I was just thinking about this in "long-term maintenance" terms.

Enrico
Re: OpenWrt vs Defense positions
On 5/2/23 09:31, Enrico Mioso wrote:
> On Tue, May 02, 2023 at 09:24:52AM -0400, Peter Naulls wrote:
> > On 5/2/23 07:26, Enrico Mioso wrote:
> > >
> > > Another impression I have, is that the OpenWrt project is very important for many yet under-resourced. There are some important tasks that would help with the long-term maintenance (e.g. merging of the mtk_nand for mt7621 and the upstream one, if at all possible), which require time and highly motivated person to carry on.
> >
> > I was that person, but at this point, the upstream m7621 NAND driver works correctly, *except* when the MMC is also enabled. The mtk_nand driver is very old and I did get it to run correctly for reads under current kernel, but it didn't seem to have any further value here, and many obvious faults - see my discussion on this a few months back. If there's specific work you know of here, I'd be very interested.
>
> Thanks for your reply. No, I don't know whether work is ongoing on that at the moment, sorry.

Yes, but there must have been some issue that caused this comment - is there some backstory here?
Re: OpenWrt vs Defense positions
On Tue, May 02, 2023 at 09:24:52AM -0400, Peter Naulls wrote:
> On 5/2/23 07:26, Enrico Mioso wrote:
> > On Mon, May 01, 2023 at 04:56:36PM -0400, Peter Naulls wrote:
> > > On 5/1/23 16:42, Dave Taht wrote:
> >
> > one of the constraints OpenWrt has been placed under, historically, is the need to fit in small flash memories, so fitting some libraries and infrastructure may be a little bit of a stretch here.
> > Furthermore, OpenWrt has been thought to be a platform, not a "finished" solution: this is not meant to be an "excuse", just to note that some particular problems, and their solutions, have not been integrated in the core.
> > In some cases, like for ModemManager, the problems were related to size and complexity, I think.
>
> Yes, although that's more historic; one of the reasons we did in fact go to NAND below is due to size constraints; and indeed with ModemManager. It took us a long time to get ModemManager working how we liked it, since it's not a 100% solution all by itself, and our needs are very specific.
>
> > Another impression I have, is that the OpenWrt project is very important for many yet under-resourced.
> > There are some important tasks that would help with the long-term maintenance (e.g. merging of the mtk_nand for mt7621 and the upstream one, if at all possible), which require time and highly motivated person to carry on.
>
> I was that person, but at this point, the upstream m7621 NAND driver works correctly, *except* when the MMC is also enabled. The mtk_nand driver is very old and I did get it to run correctly for reads under current kernel, but it didn't seem to have any further value here, and many obvious faults - see my discussion on this a few months back. If there's specific work you know of here, I'd be very interested.

Thanks for your reply.
No, I don't know whether work is ongoing on that at the moment, sorry.

Enrico

> > As for what will happen with OpenWrt when it will become used in some important places, I don't have an answer of course.
> > Does anyone know how much contributions come from people working for companies in OpenWrt?
>
> Who knows. I will say that OpenWrt has formed a large part of my career. As measured by patches (which frankly, is something of a time-consuming hurdle), my contributions are very very small, but all my OpenWrt work has been under companies.
Re: OpenWrt vs Defense positions
On 5/2/23 07:26, Enrico Mioso wrote:
> On Mon, May 01, 2023 at 04:56:36PM -0400, Peter Naulls wrote:
> > On 5/1/23 16:42, Dave Taht wrote:
>
> one of the constraints OpenWrt has been placed under, historically, is the need to fit in small flash memories, so fitting some libraries and infrastructure may be a little bit of a stretch here. Furthermore, OpenWrt has been thought to be a platform, not a "finished" solution: this is not meant to be an "excuse", just to note that some particular problems, and their solutions, have not been integrated in the core. In some cases, like for ModemManager, the problems were related to size and complexity, I think.

Yes, although that's more historic; one of the reasons we did in fact go to NAND below is due to size constraints; and indeed with ModemManager. It took us a long time to get ModemManager working how we liked it, since it's not a 100% solution all by itself, and our needs are very specific.

> Another impression I have, is that the OpenWrt project is very important for many yet under-resourced. There are some important tasks that would help with the long-term maintenance (e.g. merging of the mtk_nand for mt7621 and the upstream one, if at all possible), which require time and highly motivated person to carry on.

I was that person, but at this point, the upstream m7621 NAND driver works correctly, *except* when the MMC is also enabled. The mtk_nand driver is very old and I did get it to run correctly for reads under current kernel, but it didn't seem to have any further value here, and many obvious faults - see my discussion on this a few months back. If there's specific work you know of here, I'd be very interested.

> As for what will happen with OpenWrt when it will become used in some important places, I don't have an answer of course. Does anyone know how much contributions come from people working for companies in OpenWrt?

Who knows. I will say that OpenWrt has formed a large part of my career. As measured by patches (which frankly, is something of a time-consuming hurdle), my contributions are very very small, but all my OpenWrt work has been under companies.
Re: OpenWrt vs Defense positions
On Mon, May 01, 2023 at 04:56:36PM -0400, Peter Naulls wrote:
> On 5/1/23 16:42, Dave Taht wrote:
> >
> > How a ragtag bunch of unincorporated (mostly?) peacenik hippie types can co-exist with devices being built by militaries out of this stuff I have few ideas. I prefer to shrink the world, and produce stable, secure, software, for everyone that wants it, but I look at the contentious places where it also goes (like space, or spacex) and wonder how it will all end up, and who will maintain it, improve it, or attempt to subvert it.
>
> Yes, and on a parallel note about security (not "Security" aka Defense), OpenWrt is good, but not excellent. This has been a long term interest of mine, largely due to career need rather than enthusiasm per se - the product I'm working on now has been through multiple security reviews - much of it without question is theater.
>
> See a discussion I started on this some months ago - there's been a bit of a historic lack of appetite for this topic, partly because some of the theater is certainly high-class nonsense, and partly because of lack of resources - OpenWrt doesn't really have a dedicated security effort (if I missed something in recent months then I apologize), and some of the suggestions I've made have gone into the ether.

My 2 cents:
one of the constraints OpenWrt has been placed under, historically, is the need to fit in small flash memories, so fitting some libraries and infrastructure may be a little bit of a stretch here.
Furthermore, OpenWrt has been thought to be a platform, not a "finished" solution: this is not meant to be an "excuse", just to note that some particular problems, and their solutions, have not been integrated in the core.
In some cases, like for ModemManager, the problems were related to size and complexity, I think.

Another impression I have, is that the OpenWrt project is very important for many yet under-resourced.
There are some important tasks that would help with the long-term maintenance (e.g. merging of the mtk_nand for mt7621 and the upstream one, if at all possible), which require time and highly motivated person to carry on.

As for what will happen with OpenWrt when it will become used in some important places, I don't have an answer of course.
Does anyone know how much contributions come from people working for companies in OpenWrt?

Enrico

> Still, I think there's a growing recognition of its use - certainly many home routers and no little number of special-user routers run it as well as commercial applications and of course the original topic I raised. OpenWrt now has vastly more clout in the world than superficial visibility would suggest.
Re: OpenWrt vs Defense positions
On 5/1/23 16:42, Dave Taht wrote:

> How a ragtag bunch of unincorporated (mostly?) peacenik hippie types can co-exist with devices being built by militaries out of this stuff I have few ideas. I prefer to shrink the world, and produce stable, secure, software, for everyone that wants it, but I look at the contentious places where it also goes (like space, or spacex) and wonder how it will all end up, and who will maintain it, improve it, or attempt to subvert it.

Yes, and on a parallel note about security (not "Security" aka Defense), OpenWrt is good, but not excellent. This has been a long term interest of mine, largely due to career need rather than enthusiasm per se - the product I'm working on now has been through multiple security reviews - much of it without question is theater.

See a discussion I started on this some months ago - there's been a bit of a historic lack of appetite for this topic, partly because some of the theater is certainly high-class nonsense, and partly because of lack of resources - OpenWrt doesn't really have a dedicated security effort (if I missed something in recent months then I apologize), and some of the suggestions I've made have gone into the ether.

Still, I think there's a growing recognition of its use - certainly many home routers and no little number of special-user routers run it as well as commercial applications and of course the original topic I raised. OpenWrt now has vastly more clout in the world than superficial visibility would suggest.
Re: OpenWrt vs Defense positions
This is one of those uncomfortable situations. From where I sit (in the USA), Germany is viewed as an ally. There is a big shutdown of imports from China and Russia going on here; that also applies to software. In the embedded world, OpenWrt is a world leader here, with a reputation for quality and security second to none (except for the far-too-long tail of folk using obsolete versions).

How a ragtag bunch of unincorporated (mostly?) peacenik hippie types can co-exist with devices being built by militaries out of this stuff I have few ideas. I prefer to shrink the world, and produce stable, secure, software, for everyone that wants it, but I look at the contentious places where it also goes (like space, or spacex) and wonder how it will all end up, and who will maintain it, improve it, or attempt to subvert it.

To me, all the tools we build, all the code we write, is best used to create and maintain essential infrastructure, not tear it down.

On Mon, May 1, 2023 at 12:31 PM Peter Naulls wrote:
>
> For those of you who track the small but very real OpenWrt job market, you may have seen there's a creep into Defense/Clearance jobs. Here's but one example:
>
> https://careers-bluehalo.icims.com/jobs/3844/job
>
> As a self-declared pacifist (and anyway, dual citizen which would limit my ability to get clearance), this is most certainly not for me, but I thought it should be something you guys might want to be aware of.

--
AMA March 31: https://www.broadband.io/c/broadband-grant-events/dave-taht
Dave Täht CEO, TekLibre, LLC
OpenWrt vs Defense positions
For those of you who track the small but very real OpenWrt job market, you may have seen there's a creep into Defense/Clearance jobs. Here's but one example:

https://careers-bluehalo.icims.com/jobs/3844/job

As a self-declared pacifist (and anyway, dual citizen which would limit my ability to get clearance), this is most certainly not for me, but I thought it should be something you guys might want to be aware of.